为什么我的 WCF 端点不抛出 Max Clock Skew 异常? [英] Why doesn't my WCF endpoint throw a Max Clock Skew exception?

问题描述

对于我的应用程序中几乎所有(安全的)WCF 服务端点，如果客户端的系统时钟在未来或过去设置得太远，我会从 WCF 时钟偏移机制中得到一个异常(此处描述:http://www.danrigsby.com/blog/index.php/2008/08/26/changed-the-default-clock-skew-in-wcf/).

With almost all of the (secure) WCF service endpoints in my application, if the client's system clock is set too far in the future or past, I get an exception from WCFs Clock Skew mechanism (described here: http://www.danrigsby.com/blog/index.php/2008/08/26/changing-the-default-clock-skew-in-wcf/).

然而，实现我的 Login() 方法的一个端点永远不会抛出这个异常，即使它启用了传输安全(自然不需要凭据).

However the one endpoint where my Login() method is implemented never throws this exception even though it has transport security enabled (naturally no credentials are required for it).

为什么时钟偏移机制"不适用于此端点?也许是因为 clientCredentialType 设置为无"?

Why isn't the "Clock Skew mechanism" working for this endpoint? Maybe it's because clientCredentialType is set to "None"?

例如，这是我的配置的简化版本:

As an example, here's a simplified version of my configuration:

<services>
    <service name="Foo">
        <endpoint address=""
            binding="wsHttpBinding"
            bindingConfiguration="binding1"
            contract="IFoo" />
    </service>
</services>

<bindings>
    <wsHttpBinding> 
        <binding name="binding1" maxReceivedMessageSize="100000000">
            <readerQuotas maxDepth="1000000000" maxArrayLength="1000000000" maxStringContentLength="1000000000" />
            <security mode="Transport">
                <transport clientCredentialType ="None"/>
            </security>
            <reliableSession enabled="false" />
        </binding>
    </wsHttpBinding>    
</bindings>     

推荐答案

安全模式 - security mode="Transport" - 不包括消息中的时间戳，这会导致 MaxClockSkew 验证忽略消息而不抛出安全例外.将安全模式更改为 security mode="TransportWithMessageCredential"，其中包括时间戳并允许 MaxClockSkew 验证来测试消息的时间增量.

The security mode - security mode="Transport" - does not include time stamp in the message which cause the MaxClockSkew validation to ignore the message and not throws a security exception. Change the security mode to security mode="TransportWithMessageCredential" which include time stamps and allow the MaxClockSkew validation to test the message for time delta.

这篇关于为什么我的 WCF 端点不抛出 Max Clock Skew 异常?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！